Activity log for bug #302026

Date Who What changed Old value New value Message
2008-11-25 13:33:14 Jakob Sigurðsson bug added bug
2008-11-25 13:33:38 Jakob Sigurðsson description
    Old value:
    Binary package hint: likewise-open

    After installing likewise-open on 8.10 I am unable to change any local passwords. The latest updates have just been applied - some updates to libpam were included but did not fix the problem. This appears only to be the case with users with empty passwords.

    <code>
    jakob@ubuntu:~$ passwd
    Changing password for jakob.
    (current) UNIX password: ^C
    passwd: Authentication token manipulation error
    passwd: password unchanged
    jakob@ubuntu:~$
    jakob@ubuntu:~$ sudo su -
    [sudo] password for jakob:
    root@ubuntu:~# passwd
    passwd: password updated successfully
    root@ubuntu:~#
    root@ubuntu:~# adduser testuser
    Adding user `testuser' ...
    [output cut]
    root@ubuntu:~#
    root@ubuntu:~#
    root@ubuntu:~#
    root@ubuntu:~# passwd testuser
    passwd: password updated successfully
    root@ubuntu:~#
    </code>

    The passwd command simply prints out that "password updated successfully" message then exits.

    New value:
    Binary package hint: likewise-open

    After installing likewise-open on 8.10 I am unable to change any local passwords. The latest updates have just been applied - some updates to libpam were included but did not fix the problem. This appears only to be the case with users with empty passwords.

    jakob@ubuntu:~$ passwd
    Changing password for jakob.
    (current) UNIX password: ^C
    passwd: Authentication token manipulation error
    passwd: password unchanged
    jakob@ubuntu:~$
    jakob@ubuntu:~$ sudo su -
    [sudo] password for jakob:
    root@ubuntu:~# passwd
    passwd: password updated successfully
    root@ubuntu:~#
    root@ubuntu:~# adduser testuser
    Adding user `testuser' ...
    [output cut]
    root@ubuntu:~#
    root@ubuntu:~#
    root@ubuntu:~#
    root@ubuntu:~# passwd testuser
    passwd: password updated successfully
    root@ubuntu:~#

    The passwd command simply prints out that "password updated successfully" message then exits.
2008-11-26 10:32:23 Thierry Carrez likewise-open: status New Confirmed
2008-11-26 10:32:23 Thierry Carrez likewise-open: statusexplanation
    Confirming...

    Once likewise-open is installed (whether a domain is joined or not), running "passwd" to change a local password fails: it never prompts for a new password. (Changing a domain password works.) It also always returns "passwd: password updated successfully".

    I suppose there is something wrong in the PAM stack:

    password [success=2 default=ignore] pam_lwidentity.so
    password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
    password requisite pam_deny.so
    password required pam_permit.so

    use_authtok forces pam_unix.so to use the password entered for pam_lwidentity.so... but if the user is not in the domain there is no such token. There is little to gain in reusing passwords between pam_lwidentity.so and pam_unix.so, since they aren't targeting the same users...

    As a dirty workaround "use_authtok" can be removed from /etc/pam.d/common-password:

    password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512

    (that change will be overridden next time pam-auth-update is run)
2008-11-26 10:37:48 Thierry Carrez likewise-open: status Confirmed New
2008-11-26 10:37:48 Thierry Carrez likewise-open: statusexplanation
    Confirming...

    Once likewise-open is installed (whether a domain is joined or not), running "passwd" to change a local password fails: it never prompts for a new password. (Changing a domain password works.) It also always returns "passwd: password updated successfully".

    I suppose there is something wrong in the PAM stack:

    password [success=2 default=ignore] pam_lwidentity.so
    password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
    password requisite pam_deny.so
    password required pam_permit.so

    use_authtok forces pam_unix.so to use the password entered for pam_lwidentity.so... but if the user is not in the domain there is no such token. There is little to gain in reusing passwords between pam_lwidentity.so and pam_unix.so, since they aren't targeting the same users...

    As a dirty workaround "use_authtok" can be removed from /etc/pam.d/common-password:

    password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512

    (that change will be overridden next time pam-auth-update is run)
2008-11-26 10:38:01 Thierry Carrez bug assigned to pam (Ubuntu)
2008-11-27 07:30:37 Thierry Carrez pam: status New Invalid
2008-11-27 07:30:37 Thierry Carrez pam: statusexplanation Thanks for the analysis, this should indeed be fixed in pam_lwidentity.so rather than special-casing pam_lwidentity.so in the pam stack building tools.
2008-11-27 07:30:51 Thierry Carrez likewise-open: status New Confirmed
2008-11-27 07:30:51 Thierry Carrez likewise-open: importance Undecided Medium
2009-10-10 07:47:44 MikeMc removed subscriber MikeMc
2009-10-14 14:00:18 Thierry Carrez likewise-open (Ubuntu): status Confirmed Triaged
2010-03-26 16:36:51 James Gregory-Monk removed subscriber James Gregory
2012-10-25 11:53:03 Stefan bug added subscriber Stefan Felkel
2013-08-05 11:17:31 Claus Frein removed subscriber Claus Frein